Threat behavior

Backdoor:Win32/Tofsee.I is a component of Win32/Tofsee - a multi-component family of backdoor trojans that act as a spam and traffic relay. This component is used to load the main component, detected as Backdoor:Win32/Tofsee.F.

Backdoor:Win32/Tofsee.F functions as an HTTP proxy, using its backdoor functionality to receive commands that may order it to generate and send e-mail.